Pretty Dangerous Format The Rising Trend of PDF Attacks
Malicious hackers use the PDF file format’s extended features against users by modifying PDF files in order use them as attack tools that exploit vulnerabilities in the Adobe products that read the files.
No Title
According to Symantec’s Internet Security Threat Report, researchers at the company estimated that 49 percent of all web-based attacks in 2009 used infected PDF files to propagate.
No Title
McAfee says that in 2007 and 2008, only 2 percent of all malware exploited vulnerabilities in Adobe Reader or Adobe Acrobat.
No Title
In 2009, the percent of malware exploiting Reader and Acrobat vulnerabilities jumped to 17 percent.
No Title
And in the first quarter of 2010, McAfee researchers say the number jumped up to 28 percent.
No Title
Meanwhile, security researchers at F-Secure said that among the 900 targeted attacks it found during the first two months of 2010, 61 percent exploited Reader vulnerabilities.
No Title
Last month Trend Micro highlighted one example of how a recent malicious PDF worked, alerting users that hackers embed malicious objects that exploit Adobe buffer overflow and TIFF vulnerabilities.
No Title
That exploit then allows the Trojan to connect to malicious URLs in order to download more damaging files on the machine to continue the attack.
No Title
Meanwhile, numerous security researchers last month warned that crooks are taking advantage of a design flaw in the "/LAUNCH" feature in PDFs to develop new attacks.
No Title
The feature allows PDFs to execute code using the "/Launch" command. Hackers can create a malicious PDF that launches CMD.EXE in order to create malicious scripts that attack the system.
No Title
You can help mitigate the risk of PDF attacks through the following steps:• Keep Systems Patched• Harden Configurations To Disallow Unnecessary Features• Keep Security Systems Updated• Train The Users
No Title
Keep Systems PatchedA great deal of PDF attacks take advantage of vulnerabilities for which Adobe has already released patched–including the ones Trend Micro warned about.
No Title
Harden Configurations to Disallow Unnecessary FeaturesSome vulnerabilities–such as the "/Launch" design flaw–still remain unpatched. However, partners can help customers mitigate risk by configuring systems to block such features for better protection.
No Title
Keep Security Systems UpdatedAlways make sure your customers’ threat protection systems are continuously updated–security vendors try to stay on top of the most recent PDF threats.
No Title
Train the UsersMany PDF attacks can be stopped dead in their tracks if users simply choose not to open errant spam attachments.